How to deal with Mixed Desktop Environments

How to deal with Mixed
Desktop Environments
Different business needs and changing IT
strategies have created heterogeneous desktop environments that combine PCs, thin
clients, laptops and other mobile devices. The
right computing and management strategy is
key to a permanent reduction in administrative
way of providing IT users with data and applications has
The classic desktop PC is losing substantial market share
Consistent Management Strategy
due to high operating and security costs. By contrast, note-
Although it may appear worthwhile to equip all IT workplaces
books and thin clients are on a growth curve. At present,
with thin clients, many mobile users still rely on laptops. To
the commercial share of these two device types matches
the frustration of administrators, there is currently no
that of classic desktop PCs. According to an IDC analysis, in
management solution that is equally suitable for thin clients,
2007 the thin client share of corporate desktops was 5.4%
PCs, and laptops. Typical PC management tools, such as
in the US and 4.8% worldwide. The current mix of desktop
Altiris, are of very limited use for thin clients. Special soft-
devices calls for IT managers to adopt a clear strategy. In the
ware is needed to fully exploit, in cost terms, the strengths of
absence of a sound concept to manage and align desktop
thin client-based desktop environments. This software per-
environments, the risks go beyond an explosion in IT costs.
mits group-based management of device profiles, supports
If companies miss the opportunity to simplify the desktop
systematic remote administration of all functions, and
management jungle, they may put their data and the future
delivers secure and efficient mechanisms to update thin
of their IT infrastructure at risk.
client firmware. Added benefits of thin client-specific
emerged: desktop virtualization, which has opened up a
relatively new field of application for thin clients. In this concept, servers on which operating systems and applications
are installed simulate standard PC hardware. As in serverbased computing, users access the servers from thin clients
and see on their monitors the usual graphical user interface
of (virtual) PCs.
administration solutions are automated functions which,
Data and Application Strategy
for example, switch terminal devices on and off remotely at
IT workspaces cannot be seen in isolation from general
specific times.
corporate computing strategy. This fundamental issue must
therefore be addressed as part of the infrastructure strategy.
Currently, there are three basic ways of providing data and
Abb. 1: Management model for heterogeneous desktop
applications company-wide. In the ‘80s, the client/server
principle took hold. This involved connecting full PCs with
hard disks and locally installed applications like Microsoft®
n Cl
Office, email, Internet, etc. to data servers via a network.
much simpler and much more secure administration. In line
with this concept, all files began to be stored centrally and
tool ent
and public agencies from the mid ‘90s onward supported
too men
Active Directory
(user profile)
PDA one, etc.
computing paradigm that spread through private companies
an tool
n ag
Ma tool
USB-attached storage media. However, the server-based
PC / La
Files were also saved locally on the PC hard disk or on
the applications would run on “terminal servers” located
in computer centres. Although this concept has permitted
Joint Basis for Best-of-Breed Management
continued use of PCs, thin clients are typically deployed.
The use of a joint profile database is recommended to
Because thin clients dispense with mechanical components
minimise administration costs for heterogeneous desk-
such as fans and hard disks, they are more reliable, but they
top environments without surrendering the advantages of
do not allow for local data storage. What’s more, thin clients
specialized management solutions. A suitable option in the
consume no more than half the power of PCs and
Windows® environment is Active Directory (AD), which has
support full remote administration. More recently, a third
been an integral part of Microsoft’s® server operating system
since Windows® 2000 was introduced, and is therefore sup-
a VPN connection when working directly on the server and
ported by all leading vendors. In the thin client environment,
they should not be allowed to save data locally.
mention should be made of the IGEL Remote Management
Suite from the German vendor IGEL Technology. This
software, which comes bundled with all IGEL thin clients,
Abb. 2: Security model for heterogeneous desktop
is a solution that supports not only Active Directory, but
also a wide range of database formats for better integration
and data
Update and Partial Update, updating is faster and minimises
urity policies
S ec
user service. Thanks to innovative methods such as Buddy
martcard acc
yer (s
PC /
n la
tive overhead (time and costs) and an improved level of
ment console is programmed in Java and is not tied to a
management strategy are reflected in reduced administra-
nection layer (VPN
into legacy IT environments. Appropriately, the managespecific platform. The virtues of an Active Directory-based
(stationary, mo
network load. With Buddy Update, a thin client in the cluster
assumes the role of an update server; with Partial Update,
only new firmware files are transferred to the thin clients.
Further benefits of special management solutions are integrated standard queries that keep IT managers informed of
the current status of the thin client pool at all times. A mouse
click is all that is needed to filter and display a list of nonactive devices.
User Strategy: Universal Mapping of User Scenarios
In terms of operating costs, stationary thin clients generate
savings of 75% compared to PCs. This is confirmed by the
Economic Evaluation of the Fraunhofer Institute UMSICHT
( Therefore, a logical
conclusion would be to target maximum use of thin clients in
companies, and to use notebooks only in mobile scenarios
where there is no permanent connection to the corporate
Security Strategy: Enhanced Data Security
The growing demand for thin clients is also a consequence
of rising security costs. A cross-desktop strategy is strongly
recommended in this area, too. Market analysts at Gartner
forecast that theft of desktop devices with local storage will
result in a 20% rise in operational security costs. There is
less incentive to steal thin clients as they have no local file
storage. And even though every attempt should be made
to protect them against unauthorized use, security issues
are more serious for laptops, on which data can be stored
locally. Instead of the relatively insecure login process with
user name and password, it is advisable to implement
uniform, enterprise-wide two-factor authentication across all
network. On company premises, mobile thin clients may also
be deployed with a WLAN or UMTS connection. If it is
necessary to reduce costs per IT workspace even further,
multi-user scenarios with a shared pool of laptops and
thin clients are an alternative option. If notebooks are used
primarily in home offices, they can likewise be replaced with
thin clients that feature an integrated Cisco VPN client. This
also permits central management of home-based workplaces. Even an ISDN connection is sufficient to facilitate
remote work on the corporate server. All types of IT needs
can be meaningfully supported with the help of a central
profile database, such as Active Directory, as the smallest
common denominator.
desktop devices. For this purpose, many thin client models
already have a built-in smartcard reader or support USBbased authentication solutions. To reduce administration
effort, authentication scenarios of this kind may also be
based on Active Directory. As a further guideline, local data
storage should be kept to a minimum in companies. With
this in mind, laptops can be set to access a server-based
computing environment in the company, and to permit automatic synchronization of only a limited selection of folders for
offline operation. If a permanent mobile Internet connection
is available outside company premises, users should prefer
Hardware Strategy: Consolidating Terminal Devices
Few companies are in the fortunate position that their staff
uses only standard applications and hardware, all of which
can be centrally provisioned. Despite the individual nature
of requirements, there are universal solution concepts to
support centralisation with thin clients and, in spite of the
need for uniform management, various use cases can be
implemented. For example, the Universal Desktop approach
adopted by IGEL, the German market leader, provides vari3/6
ous cross-model access paths (known as Digital Services)
Keeping Technology Options Open
to central IT infrastructures, and also offers a wide variety
Regardless of whether companies opt for a virtual desktop
of support technologies such as WLAN, smartcard, roam-
or a server-based computing environment, if they want the
ing and single-sign-on. These options ensure that even user
best of each provisioning technology without losing their way
scenarios with several monitors, widescreen, touchscreen
in the management jungle created by the diverse software
support, and IP telephony can be implemented. More
and hardware solutions, they must adopt a sound desktop
examples are direct Internet, host and SAP access, PDA
management strategy with a joint user profile database. An
synchronization, and vertical solutions such as card reader
overarching user authentication strategy also helps keep
support for health insurance cards. The purpose of universal
security costs under control. Given the newness of current
solution approaches is to fully take advantage of consolida-
desktop virtualization solutions, it is important not to take
tion potential and, at the same time, to largely dispense with
a short-term view when selecting thin client models and
server-based middleware. The Universal Desktop models
vendors as this could close the door on future technology
are even able to replace IP phones and print servers. They
options. Modern thin clients with universal firmware minimise
also permit access to virtual desktop environments such as
this risk. Their broad standardised range of access
VMware VDI and Citrix XenDesktop.
protocols and supplementary technologies ensure that
company employees are able to use the applications they
Migration Strategy: Focusing on the Future
need to perform their specific tasks cost-effectively, securely,
Heterogeneous desktop environments are becoming
reliably, and long into the future.
more and more standard due to the increasing pressure to
improve management, security and total costs. However,
until these improvements are meaningfully made, it is a
question of finding the ideal mix of thin clients and notebooks. This depends both on the consolidation effects that
can be achieved and on the improvements in productivity.
Basically, desktop PCs should be reserved for specific
use cases, or better still, they should be virtualized. Once
server-side preparations have been made, all stationary
workplaces can be migrated affordably to thin clients. The
thin client device profiles are defined prior to actual rollout in
the management solution. The terminal devices are readyto-run once physically connected. This means that several
hundred thin clients can be rolled out every day. From an
entrepreneurial point of view, an interesting benefit of rapid
migration is the ability to better plan and implement organizational changes such as data recovery, emergency and
crisis scenarios, and corporate mergers. New and replacement investments in thin clients generally pay for themselves
quickly due to the long lifecycles and low TCO. Investment
in virtual desktops is especially worthwhile where there is
a large proportion of specialized PC-based applications
(graphical or CAD workstations, for instance) that can likewise be provisioned using a standardised thin client
